I am getting the following permissions warning while reading a file:
PHP Warning: fopen(todo.txt): failed to open stream: Permission denied in /var/www/php/oauth/web/insert.php on line 26, referer: https://oauth.dev/dropbox_finish.php?state=5
This problem comes just from executing this code:
try{
$f = fopen("todo.txt", "r+");
...
}
I have done a lot of things with the permissions, let me show the current ones and then I'll show the rest.
[root@windows8 abel]# ls -lah /var/www/php
total 32K
drwxr-xr-x. 8 abel apache 4.0K Jun 3 15:53 .
drwxr-xr-x. 6 root root 4.0K May 29 12:38 ..
drwxr-xr-x. 3 abel abel 4.0K May 25 11:38 backup
drwxr-xr--. 6 abel apache 4.0K May 28 16:00 oauth
drwxr-xr-x. 8 abel apache 4.0K Apr 16 16:22 teamerp
drwxrwxr-x. 2 abel abel 4.0K Apr 16 17:18 TeamERP
drwx------. 5 abel abel 4.0K Apr 27 17:14 wordpress
drwx------. 6 abel abel 4.0K Jun 3 15:55 wp-test
[root@windows8 abel]# ls -lah /var/www/php/oauth/
total 36K
drwxr-xr--. 6 abel apache 4.0K May 28 16:00 .
drwxr-xr-x. 8 abel apache 4.0K Jun 3 15:53 ..
drwxr-xr--. 2 abel apache 4.0K Jun 7 11:56 app
-rwxr-xr--. 1 abel apache 124 May 25 16:05 composer.json
-rwxr-xr--. 1 abel apache 3.5K May 25 16:19 composer.lock
-rwxr-xr--. 1 abel apache 9 May 23 12:39 .gitignore
drwxrwxr-x. 3 abel apache 4.0K May 24 17:54 nbproject
drwxr-xr--. 5 abel apache 4.0K May 25 16:19 vendor
drwxr-xr--. 4 abel apache 4.0K Jun 8 15:16 web
[root@windows8 abel]# ls -lah /var/www/php/oauth/web/
total 36K
drwxr-xr--. 4 abel apache 4.0K Jun 8 15:16 .
drwxr-xr--. 6 abel apache 4.0K May 28 16:00 ..
drwxrwxr-x. 2 abel apache 4.0K May 28 16:00 css
-rw-rw-r--. 1 abel apache 5.4K Jun 8 17:37 dropbox_finish.php
-rwxr-xr--. 1 abel apache 109 May 28 09:59 index.php
-rw-rw-r--. 1 abel apache 1.3K Jun 8 17:50 insert.php
drwxrwxr-x. 2 abel apache 4.0K Jun 7 11:36 js
-rwxrwxrwx. 1 abel apache 55 Jun 8 17:50 todo.txt
[root@windows8 abel]#
The file is todo.txt. It has 777 permissions, the website works, but this file is supposed to be opened for writing. That is the only difference compared to any other of the html and php files that apache is serving.
The user abel is a member of the apache group. I have also tried to make the file owned by the user apache and it did not work; besides, apache can read the rest of the web files, it's just this one.
Any hint?
EDIT: I have created a folder and put the file inside. Then I ran the following:
echo substr(sprintf('%o', fileperms('todo/todo.txt')), -4);
the result is 0777. I do not know what is going on, php actually sees the file, but I am still getting the error.
EDIT2: I have also executed the following command to know if it was an SELinux problem with the file.
semanage fcontext -a -t httpd_sys_rw_content_t /var/www/php/oauth/web/todo/todo.txt
No results.
I was following this video https://www.youtube.com/watch?v=gC8sLGB8SSM&index=77&list=PL442FA2C127377F07 . I am using fedora. I am able to read a file using this code:
$fileHandle = fopen('test.txt', 'r') or die('Unable to open test.txt');
echo fread($fileHandle, filesize('test.txt'));
But when I change 'r' to 'w', it dies and prints 'Unable to open test.txt'.
To check that I have permissions to read and write to a file, I typed this on terminal, ls -l /var/www/html. It showed:
total 8
-rwxr-xr-x. 1 Hemil apache 131 Jul 6 11:09 index.php
-rw-rw-r--. 1 Hemil Hemil 12 Jul 6 11:09 test.txt
I noticed that apache did not have the permission to read and write to a file, so I did this: sudo chown Hemil:apache /var/www/html. But again, when I checked the permissions, it printed the same as above.
EDIT: I forgot to add that I am not on a server. I am on localhost.
EDIT: On @Nic3500's recommendation, I add the following:
ls -al /var:
total 108
drwxr-xr-x. 23 root root 4096 Apr 25 12:09 .
dr-xr-xr-x. 18 root root 4096 Jul 7 08:17 ..
drwxr-xr-x. 2 root root 4096 Apr 25 12:06 account
drwxr-xr-x. 2 root root 4096 Feb 7 15:11 adm
drwxr-xr-x. 17 root root 4096 Jul 5 10:21 cache
drwxr-xr-x. 2 root root 4096 May 31 10:46 crash
drwxr-xr-x. 3 root root 4096 Apr 25 12:06 db
drwxr-xr-x. 3 root root 4096 Apr 25 12:06 empty
drwxr-xr-x. 2 root root 4096 Feb 7 15:11 ftp
drwxr-xr-x. 2 root root 4096 Feb 7 15:11 games
drwxr-xr-x. 2 root root 4096 Feb 7 15:11 gopher
drwxr-xr-x. 3 root root 4096 Jun 15 03:23 kerberos
drwxr-xr-x. 59 root root 4096 Jul 5 11:55 lib
drwxr-xr-x. 2 root root 4096 Feb 7 15:11 local
lrwxrwxrwx. 1 root root 11 Apr 25 12:03 lock -> ../run/lock
drwxr-xr-x. 18 root root 4096 Jul 5 11:52 log
drwx------. 2 root root 16384 Jul 4 22:54 lost+found
lrwxrwxrwx. 1 root root 10 Feb 7 15:11 mail -> spool/mail
drwxr-xr-x. 2 root root 4096 Feb 7 15:11 nis
drwxr-xr-x. 2 root root 4096 Feb 7 15:11 opt
drwxr-xr-x. 2 root root 4096 Feb 7 15:11 preserve
lrwxrwxrwx. 1 root root 6 Apr 25 12:03 run -> ../run
drwxr-xr-x. 11 root root 4096 Apr 25 12:06 spool
drwxrwxrwt. 16 root root 4096 Jul 7 18:26 tmp
-rw-rw-r--. 1 root root 63 Apr 25 12:09 .updated
drwxr-xr-x. 4 root root 4096 May 1 14:24 www
drwxr-xr-x. 2 root root 4096 Feb 7 15:11 yp
ls -al /var/www
drwxr-xr-x. 4 root root 4096 May 1 14:24 .
drwxr-xr-x. 23 root root 4096 Apr 25 12:09 ..
drwxr-xr-x. 2 root root 4096 May 1 14:24 cgi-bin
drwxr-xr-x. 2 Hemil apache 4096 Jul 6 16:17 html
ls -al /var/www/html
drwxr-xr-x. 2 Hemil apache 4096 Jul 6 16:17 .
drwxr-xr-x. 4 root root 4096 May 1 14:24 ..
-rwxr-xr-x. 1 Hemil apache 102 Jul 7 16:55 index.php
-rw-rw-rw-. 1 Hemil apache 12 Jul 6 11:09 test.txt
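A way to read the listings in the two questions above, as an added example that is not code from either poster: walk the path and apply the owner/group/other bits the way the kernel does. The account `deploy` is hypothetical and the mode of `/var` in the first question is an assumption; the trailing `.` in each mode string is how GNU `ls` marks an entry that carries an SELinux security context, which the bits alone do not describe.

```python
# Added example, not code from either question: evaluate the classic Unix
# permission bits (DAC) along a path, using entries copied from the listings.

def allowed(mode, owner, group, user, groups, want):
    """Exactly one triplet applies: owner, else group, else other."""
    perms = mode[1:10].replace("s", "x").replace("t", "x")
    if user == owner:
        triplet = perms[0:3]
    elif group in groups:
        triplet = perms[3:6]
    else:
        triplet = perms[6:9]
    return all(bit in triplet for bit in want)

def first_denial(path, listing, user, groups, want):
    """Directories on the way need 'x' (search); the last entry needs `want`.
    Returns the first path that refuses, or None if the mode bits allow it."""
    parts = path.strip("/").split("/")
    for i in range(1, len(parts) + 1):
        current = "/" + "/".join(parts[:i])
        mode, owner, group = listing[current]
        need = want if i == len(parts) else "x"
        if not allowed(mode, owner, group, user, groups, need):
            return current
    return None

OAUTH = {  # first question; the mode of /var is not shown there and is assumed
    "/var": ("drwxr-xr-x.", "root", "root"),
    "/var/www": ("drwxr-xr-x.", "root", "root"),
    "/var/www/php": ("drwxr-xr-x.", "abel", "apache"),
    "/var/www/php/oauth": ("drwxr-xr--.", "abel", "apache"),
    "/var/www/php/oauth/web": ("drwxr-xr--.", "abel", "apache"),
    "/var/www/php/oauth/web/todo.txt": ("-rwxrwxrwx.", "abel", "apache"),
}
HTML = {  # second question: test.txt as first listed, directories as listed later
    "/var": ("drwxr-xr-x.", "root", "root"),
    "/var/www": ("drwxr-xr-x.", "root", "root"),
    "/var/www/html": ("drwxr-xr-x.", "Hemil", "apache"),
    "/var/www/html/test.txt": ("-rw-rw-r--.", "Hemil", "Hemil"),
}

if __name__ == "__main__":
    todo = "/var/www/php/oauth/web/todo.txt"
    # The bits let apache open todo.txt for r+, so the denial comes from elsewhere.
    print(first_denial(todo, OAUTH, "apache", {"apache"}, "rw"))
    # An account outside the apache group stops at oauth/ (no 'x' for others).
    print(first_denial(todo, OAUTH, "deploy", {"deploy"}, "rw"))
    # test.txt is Hemil:Hemil rw-rw-r--: apache falls to "other" and cannot write.
    print(first_denial("/var/www/html/test.txt", HTML, "apache", {"apache"}, "w"))
```

When this walk returns `None` and PHP still reports "Permission denied", the refusal is coming from a layer above the mode bits, such as the SELinux label.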
I have a dedicated server with CentOS 6 and cPanel; all I want is to install Magento 2 on this server. My problem is with file and folder permissions. In the Magento 2 documentation I need to set these permissions: find . -type d -exec chmod 770 {} \; && find . -type f -exec chmod 660 {} \; && chmod u+x bin/magento . When I set these permissions on my home/username/public_html I get this error in the browser.
Forbidden
You don't have permission to access / on this server.
Server unable to read htaccess file, denying access to be safe
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Is there anyone who can point me in a direction to solve this?
Thank you
**Output**
**ls -al /path/to/magento**
drwxr-x---. 13 nobody nobody 4096 Jan 29 18:30 ./
drwx--x--x. 10 quick quick 4096 Jan 29 18:29 ../
drwxr-xr-x. 4 nobody root 4096 Jan 29 18:30 app/
drwxr-xr-x. 2 nobody root 4096 Jan 29 18:30 bin/
drwxr-xr-x. 2 nobody quick 4096 Jan 29 18:28 cgi-bin/
-rw-r--r--. 1 nobody root 437404 Jan 28 04:12 CHANGELOG.md
-rw-r--r--. 1 nobody root 1851 Jan 28 04:10 composer.json
-rw-r--r--. 1 nobody root 315984 Jan 28 04:12 composer.lock
-rw-r--r--. 1 nobody root 3425 Jan 28 04:12 CONTRIBUTING.md
-rw-r--r--. 1 nobody root 10011 Jan 28 04:12 CONTRIBUTOR_LICENSE_AGREEMENT.html
-rw-r--r--. 1 nobody root 631 Jan 28 04:12 COPYING.txt
drwxr-xr-x. 4 nobody root 4096 Jan 29 18:30 dev/
-rw-r--r--. 1 nobody root 1032 Jan 28 04:10 .gitignore
-rw-r--r--. 1 nobody root 2918 Jan 28 04:12 Gruntfile.js
-rw-r--r--. 1 nobody root 7592 Jan 28 04:12 .htaccess
-rw-r--r--. 1 nobody root 6419 Jan 28 04:12 .htaccess.sample
-rw-r--r--. 1 nobody root 1358 Jan 28 04:12 index.php
drwxr-xr-x. 4 nobody root 4096 Jan 29 18:30 lib/
-rw-r--r--. 1 nobody root 10374 Jan 28 04:12 LICENSE_AFL.txt
-rw-r--r--. 1 nobody root 10364 Jan 28 04:12 LICENSE.txt
-rw-r--r--. 1 nobody quick 35749362 Jan 29 18:29 Magento-CE-2.0.2-2016-01-28-02-26-45.tar.bz2
-rw-r--r--. 1 nobody root 4108 Jan 28 04:12 nginx.conf.sample
-rw-r--r--. 1 nobody root 1427 Jan 28 04:12 package.json
-rw-r--r--. 1 nobody root 1659 Jan 28 04:12 .php_cs
-rw-r--r--. 1 nobody root 804 Jan 28 04:12 php.ini.sample
drwxr-xr-x. 2 nobody root 4096 Jan 29 18:30 phpserver/
drwxr-xr-x. 6 nobody root 4096 Jan 29 18:30 pub/
-rw-r--r--. 1 nobody root 4388 Jan 28 04:10 README.md
drwxr-xr-x. 7 nobody root 4096 Jan 29 18:30 setup/
-rw-r--r--. 1 nobody root 3731 Jan 28 04:12 .travis.yml
drwxr-xr-x. 8 nobody root 4096 Jan 29 18:30 update/
drwxr-xr-x. 2 nobody root 4096 Jan 29 18:30 var/
drwxr-xr-x. 27 nobody root 4096 Jan 29 18:30 vendor/
**ps -ef | grep httpd**
root 14165 1 0 11:43 ? 00:00:01 /usr/local/apache/bin/httpd -k start
nobody 18801 14165 0 18:35 ? 00:00:00 /usr/local/apache/bin/httpd -k start
nobody 18802 14165 0 18:35 ? 00:00:00 /usr/local/apache/bin/httpd -k start
nobody 18803 14165 0 18:35 ? 00:00:00 /usr/local/apache/bin/httpd -k start
nobody 18804 14165 0 18:35 ? 00:00:00 /usr/local/apache/bin/httpd -k start
nobody 18805 14165 0 18:35 ? 00:00:00 /usr/local/apache/bin/httpd -k start
root 18975 20796 0 18:43 pts/0 00:00:00 grep httpd
You also probably need to chown user:group bin/magento on the files you have installed (the magento files). You need to figure out which user Apache is running as and change user:group above to that, something like apache:apache or whatever is in your httpd.conf file.
Post some more info (ls -al /path/to/magento and ps -ef | grep httpd for apache), but I'll bet that's your problem.
Edit
Based on your edited output, you need to chown the files to be owned by nobody, which is the user apache is running as. This can be done via chown -R nobody /path/to/magento
Note that you only show the .bz2 archive, but you need to chown the extracted files.
Also, you said you had to use the user that cpanel created when you installed it, so there you go.
I use phpword, an MS Word document generator. It creates a temporary file, then it renames it to the correct .docx format.
The user projop owns the php script and runs it as projop.
There isn't any httpd involved because it's a call from a TCL app using the exec function.
I created PHP's temp folder in /home/projop/tmp and gave it 0777, plus made sure it's owned by projop:projop.
Should this belong to the root group or maybe the apache group? I'm on CentOS 6.5. Not sure, but I keep getting permission denied.
The php script Template.php that does the rename is also owned by projop.
Warning: rename(/home/projop/tmp/yRRXn0,Mission Announcement Sheet - BB&T76.docx): Permission denied in /var/www/html/doc-generate/wwwroot/phpword/src/PhpWord/Template.php on line 340 Warning: rename
I don't know what's wrong. The user who owns the script is projop, the tmp folder is in the user's home directory and it's owned by projop.
I'm not sure what's going on.
The /tmp folder permission:
[root@project-open-v40 projop]# ls -la
total 493808
drwxr-xr-x. 7 projop root 4096 Aug 6 09:40 .
drwxr-xr-x. 3 root root 4096 Jul 9 09:37 ..
drwxrwxr-x. 4 projop projop 4096 Oct 16 2012 acs-bootstrap-installer-master
-rwxr-xr-x. 1 projop projop 27527 Jul 15 10:32 gain_fns.php
-rw-r-----. 1 projop projop 2487 Jul 17 11:49 logo.gif
-rw-rw-r--. 1 projop projop 52535 Jul 23 09:57 master
-rwxr-xr-x. 1 projop projop 3039 Jul 28 14:37 notifyPM.php
-rw-r--r--. 1 projop projop 59719 Aug 5 09:35 resetInvoice.php
drwxr-xr-x. 3 apache apache 4096 Mar 12 15:34 templates
-rw-r--r--. 1 apache projop 7966720 Jul 9 09:37 templates.tar
drwxrwxrwx. 2 projop projop 4096 Aug 6 09:54 tmp
drwxr-xr-x. 6 apache apache 4096 Mar 2 02:43 vendor
-rw-r--r--. 1 apache projop 211886080 Jul 9 09:38 vendor.tar
drwxr-xr-x. 18 apache apache 4096 Jul 7 10:40 wwwroot
-rw-r--r--. 1 apache projop 285624320 Jul 9 09:38 wwwroot.tar
/tmp folder contents:
[root@project-open-v40 tmp]# ls -la
total 152
drwxrwxrwx. 2 projop projop 4096 Aug 6 09:54 .
drwxr-xr-x. 7 projop root 4096 Aug 6 09:40 ..
-rwxrwxrwx. 1 projop projop 34854 Aug 6 09:53 G0pC83
-rwxrwxrwx. 1 projop projop 34854 Aug 6 09:42 lLm9Iz
-rwxrwxrwx. 1 projop projop 34854 Aug 6 09:46 NR8CSg
-rwxrwxrwx. 1 projop projop 34854 Aug 6 09:54 yRRXn0
Looking at the rename command warning:
Warning: rename(/home/projop/tmp/yRRXn0,Mission Announcement Sheet - BB&T76.docx): Permission denied in /var/www/html/doc-generate/wwwroot/phpword/src/PhpWord/Template.php on line 340 Warning: rename
You're attempting to rename the file without specifying the path. This is then trying to rename to a different location from your expected /home/projop/tmp/.
Try prepending the path to the second argument and trying again.
Use chmod to change the permissions of the file before you attempt to rename it - changing the permissions to 0777 as you have for the folder.
http://php.net/manual/en/function.chmod.php
Also use http://php.net/manual/en/function.fileperms.php to return the current values of the file, see if there's anything unusual there?
Another alternative if this fails is to use the PHP script to load the contents of the file and then save the contents under a new name, and delete the original. This is the long process of what renaming in effect does. This is less than ideal but is an option.
Edit:
You may not be allowed to rename contents of the /tmp/ folder, as it is a dedicated and specified temporary folder, so instead of renaming it there, try the process above of opening the file and then renaming and saving it to another more permanent destination.
I have a really strange error. PHP can't read a file that does exist... Any ideas? I do not have SELinux installed. I'm using Fedora 17 and PHP 5.4.
I already tried everything I know, but the problem still remains.
[root@sqd var]# ls -lia
total 92
8194 drwxrwxrwx. 23 root root 4096 ago 17 10:30 .
2 dr-xr-xr-x. 19 root root 4096 ago 13 16:00 ..
32139 drwxr-xr-x. 2 root root 4096 may 22 13:42 account
288 drwxr-xr-x. 2 root root 4096 feb 3 2012 adm
13 drwxr-xr-x. 14 root root 4096 ago 8 10:26 cache
796005 drwxr-xr-x 2 root root 4096 feb 6 2012 cvs
289 drwxr-xr-x. 3 root root 4096 ago 21 18:07 db
290 drwxr-xr-x. 3 root root 4096 may 22 13:42 empty
263682 drwxr-xr-x. 3 root root 4096 ago 7 11:15 ftp
291 drwxr-xr-x. 2 root root 4096 feb 3 2012 games
35931 drwxrwx--T. 2 root gdm 4096 jun 8 16:05 gdm
292 drwxr-xr-x. 2 root root 4096 feb 3 2012 gopher
15 drwxr-xr-x. 45 root root 4096 ago 10 10:42 lib
296 drwxr-xr-x. 2 root root 4096 feb 3 2012 local
308 lrwxrwxrwx. 1 root root 11 may 22 13:39 lock -> ../run/lock
12 drwxr-xr-x. 14 root root 4096 ago 26 03:17 log
297 lrwxrwxrwx. 1 root root 10 may 22 13:39 mail -> spool/mail
298 drwxr-xr-x. 2 root root 4096 feb 3 2012 nis
931987 drwxrwxrwx 3 nobody nobody 4096 ago 17 10:32 nodejs
299 drwxr-xr-x. 2 root root 4096 feb 3 2012 opt
300 drwxr-xr-x. 2 root root 4096 feb 3 2012 preserve
307 lrwxrwxrwx. 1 root root 6 may 22 13:39 run -> ../run
301 drwxr-xr-x. 15 root root 4096 may 22 13:43 spool
305 drwxrwxrwx. 5 nobody nobody 4096 ago 30 14:13 tmp
262637 drwxr-xr-x. 7 root root 4096 ago 7 11:20 www
306 drwxr-xr-x. 2 root root 4096 feb 3 2012 yp
[root@sqd var]# ls -lia tmp/
total 216
305 drwxrwxrwx. 5 nobody nobody 4096 ago 30 14:13 .
8194 drwxrwxrwx. 23 root root 4096 ago 17 10:30 ..
3030 -rwxrwxrwx 1 nobody nobody 199397 ago 30 14:13 file_thumb_5363_1_0.jpg
But
<?php
highlight_file(__FILE__);
var_dump(file_exists('/var/tmp/file_thumb_5363_1_0.jpg'));
print out:
bool(false)
Fedora 16 introduced the concept of a "private tmp" /tmp and /var/tmp; I would throw my 2 cents in that direction.
From the manual:
2.3.3. Services Private /tmp
A number of services managed by systemd have been modified to make use of its ability to provide them with a private /tmp directory. Privileged services using /tmp and /var/tmp have previously been found to be open to being interfered with by unprivileged users, potentially leading to privilege escalation. Using private /tmp directories for services prevents this style of exploit.
The directive added to the systemd unit files for the modified services is:
[Service]
PrivateTmp=true
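A way to check the private-tmp explanation, as an added example that is not from the answer or the Fedora manual: read the service's `/proc/<pid>/mountinfo` and see whether a subdirectory is bind-mounted over `/tmp` or `/var/tmp`. The mountinfo text and directory names are constructed, and treating a mount root other than `/` as "private" is a heuristic that assumes those paths are not ordinary subvolume mounts.

```python
import re

# Constructed /proc/<pid>/mountinfo excerpt for an httpd worker started with
# PrivateTmp=true (directory names are placeholders, not from the thread).
HTTPD_MOUNTINFO = """\
61 60 253:1 / / rw,relatime shared:1 - ext4 /dev/mapper/vg-root rw
88 61 253:1 /tmp/systemd-private-EXAMPLE/tmp /tmp rw,relatime - ext4 /dev/mapper/vg-root rw
89 61 253:1 /var/tmp/systemd-private-EXAMPLE/tmp /var/tmp rw,relatime - ext4 /dev/mapper/vg-root rw
"""
# The same host seen from a login shell: nothing mounted over /tmp or /var/tmp.
SHELL_MOUNTINFO = "21 1 253:1 / / rw,relatime shared:1 - ext4 /dev/mapper/vg-root rw\n"

def _unescape(field):
    # mountinfo writes space, tab, newline and backslash as \040-style octal escapes
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def private_tmp_mounts(mountinfo):
    """Return {mount point: source directory} for /tmp and /var/tmp when a
    subdirectory is bind-mounted over them (field 4, the mount root, is not '/')."""
    mounts = {}
    for line in mountinfo.splitlines():
        fields = line.split(" ")
        if len(fields) < 5:
            continue
        root, mount_point = _unescape(fields[3]), _unescape(fields[4])
        if mount_point in ("/tmp", "/var/tmp") and root != "/":
            mounts[mount_point] = root
    return mounts

def shadowed_by(path, mountinfo):
    """Mount point that hides `path` from this process, or None. A file created
    there from another namespace (a root shell, say) does not exist for the service."""
    for mount_point in private_tmp_mounts(mountinfo):
        if path == mount_point or path.startswith(mount_point + "/"):
            return mount_point
    return None

if __name__ == "__main__":
    thumb = "/var/tmp/file_thumb_5363_1_0.jpg"
    print("httpd:", shadowed_by(thumb, HTTPD_MOUNTINFO))
    print("shell:", shadowed_by(thumb, SHELL_MOUNTINFO))
```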
Please be patient while reading, because the problem seems to be transparent, but only seems so.
The situation is:
1.
OS: fedora-16 (latest),
httpd: apache-2.2.21,
php: php-5.3.8 (works as apache's module)
2.
host information:
DOCUMENT_ROOT: /var/www/[site-name]/public_html
Kohana-3.2.0 (latest stable) installed this way:
$ pwd
/var/www/<site-name>
$ ls -alp
drwxr-xr-x. 6 apache apache 4096 Jan 7 20:35 ./
drwxr-xr-x. 8 apache apache 4096 Jan 7 20:08 ../
drwxr-xr-x. 9 apache apache 4096 Jul 25 03:26 application/
drwxr-xr-x. 10 apache apache 4096 Jul 25 03:26 modules/
drwxr-xr-x. 2 apache apache 4096 Jan 7 20:35 public_html/
drwxr-xr-x. 11 apache apache 4096 Jul 25 03:26 system/
$ cd application/; ls -alp
drwxr-xr-x. 9 apache apache 4096 Jul 25 03:26 ./
drwxr-xr-x. 6 apache apache 4096 Jan 7 20:35 ../
-rwxr-xr-x. 1 apache apache 3612 Jul 25 03:22 bootstrap.php
drwxrwxrwx. 2 apache apache 4096 Jan 8 20:14 cache/
drwxr-xr-x. 4 apache apache 4096 Jul 25 03:26 classes/
drwxr-xr-x. 2 apache apache 4096 Jul 25 03:26 config/
drwxr-xr-x. 2 apache apache 4096 Jul 25 03:26 i18n/
drwxrwxrwx. 2 apache apache 4096 Jul 25 03:26 logs/
drwxr-xr-x. 2 apache apache 4096 Jul 25 03:26 messages/
drwxr-xr-x. 2 apache apache 4096 Jul 25 03:26 views/
Command `top` says that Apache really starts under `apache` user privileges.
So how can it be that the application/cache and application/logs directories are unwritable? I've also checked them with
var_dump(fopen($_SERVER['DOCUMENT_ROOT'] . '/../application/cache/something.txt', 'w+'));
Same result. Have no idea how it could be. No symlinks, no mounted drives etc.
Has anyone met such a situation?
Disable selinux (http://www.crypt.gen.nz/selinux/disable_selinux.html).
BTW, from a security standpoint, it's a very bad idea to make apache the owner of .php files
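An alternative to switching SELinux off, as an added example that is not from any poster on this page: confirm the denial in the audit log and relabel only the path that has to be writable. The log records are constructed, and `relabel_commands` is a hypothetical helper that pairs the `semanage fcontext` rule used in the first question with the `restorecon` run that applies it.

```python
import re
import shlex

# Constructed audit.log records (not taken from the threads), usual AVC layout.
SAMPLE_LOG = '''\
type=AVC msg=audit(1465400000.101:310): avc:  denied  { write } for  pid=2201 comm="httpd" name="todo.txt" dev="dm-1" ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1465400050.007:322): avc:  denied  { add_name } for  pid=2203 comm="httpd" name="something.txt" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1465400050.007:322): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1465400090.555:330): avc:  denied  { read } for  pid=900 comm="ntpd" name="drift" scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?comm="(?P<comm>[^"]+)"'
    r'.*?name="(?P<name>[^"]+)".*?scontext=(?P<scon>\S+)'
    r' tcontext=(?P<tcon>\S+) tclass=(?P<tclass>\S+)')
WRITE_PERMS = {"write", "append", "create", "add_name", "remove_name",
               "rename", "unlink", "setattr"}

def httpd_write_denials(log_text):
    """(name, class, perms) for each record where httpd_t was refused a
    write-type permission on an object labelled httpd_sys_content_t.
    For class 'dir' the label is the directory's; name is the entry being added."""
    found = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        source_type = m["scon"].split(":")[2]
        target_type = m["tcon"].split(":")[2]
        perms = sorted(set(m["perms"].split()) & WRITE_PERMS)
        if (source_type, target_type) == ("httpd_t", "httpd_sys_content_t") and perms:
            found.append((m["name"], m["tclass"], perms))
    return found

def relabel_commands(path, is_dir=False):
    """Record the labelling rule, then apply it to what is already on disk."""
    spec = path.rstrip("/") + "(/.*)?" if is_dir else path
    return [f"semanage fcontext -a -t httpd_sys_rw_content_t {shlex.quote(spec)}",
            f"restorecon -{'R' if is_dir else ''}v {shlex.quote(path)}"]

if __name__ == "__main__":
    for name, tclass, perms in httpd_write_denials(SAMPLE_LOG):
        print(f"httpd denied {perms} on {tclass} {name!r}")
    print("\n".join(relabel_commands("/var/www/php/oauth/web/todo/todo.txt")))
```

`semanage fcontext -a` only records the rule in the local file-context database; the label on disk changes when `restorecon` runs, and `ls -Z` shows the result.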